Chapter 8 Flashcards
Define catastrophic loss
When one or more losses in a single event are, either individually or in their totality, so severe that they result in devastating consequences for the entity insured, including loss of life, bankruptcy, insolvency, loss of geographic infrastructures, or organizational collapse
Define catastrophic cyber loss
The possibility that one single attack that capitalizes on society's collective connectivity affects millions if not billions of individuals and organizations across various industry segments and geographies
What are some possible types of catastrophic cyber losses?
-Critical utilities and nuclear facilities
-Transportation industry
-Healthcare system and hospitals
-Global supply chains for the manufacturing industry
What are two ways a supply chain can cause a cyber risk exposure?
-Risk due to disruption of global supply chains for the manufacturing industry
-Risk from supply chain third-party exposure
Explain risk aggregation
-Occurs when multiple insurance claims are generated by one single event or a series of related events
-Is a key metric for insurance companies that impacts their long-term solvency, capital requirements and cash flow
-Tracking risk aggregation is a long-standing practice for traditional lines of coverage for catastrophic events, such as natural disasters
-While many actuarial models based on historical industry data exist for traditional lines of coverage, this is not true for tracking aggregation for cyber insurance
What are the steps in a catastrophe management process?
-Identifying catastrophe risk appetite
-Measuring catastrophe exposure
-Pricing for catastrophe exposure
-Controlling catastrophe exposure
-Evaluating ability to pay catastrophe losses
What are the four scenarios into which cyber attacks in a supply chain can be classified?
- Cyber attack on an upstream supplier, causing supply chain failure
- Data breach enabled through system weakness in the supply chain
- Fraudulent transactions enabled through system weakness in the supply chain
- Corporate system weakness causing cyber security in other parts of the supply chain
What are catastrophe management challenges for cyber insurers?
-Lack of historical data
-Lack of disability and policyholders virtual independencies
-Barriers to geographical diversification
What are the impacts of silent cyber?
-The potential for a cyber risk to trigger losses on policies where coverage is unintentional, unpriced for, or both
-In the absence of clear cyber coverage grants or exclusions, insurers facing a cyber claim on a non-cyber insurance policy must affirm or negate coverage
-Coverage may lead to coverage disputes that must be decided by the courts
-If the courts affirm coverage, insurers could be liable to indemnify policyholders for cyber losses under policies that were not designed for this purpose
What are the best practices for dealing with catastrophic incidents and aggregation?
-Keeping an eye on changing privacy regulations
-Evolving understanding of business income exposures from cyber catastrophes
-Addressing silent cyber
-Promoting consistency in cyber wordings
-Collaborating on catastrophic risk modeling
Explain the purpose of keeping an eye on changing privacy regulations
-An ever-changing set of regulations from governments around the globe
-Industry awaiting settlements and decisions to fully measure the impact of large data breaches and their fully realized costs
Explain the purpose of evolving understanding of business income exposures from cyber catastrophes
Business interruption insurance triggers under cyber insurance policies have broadened beyond technical supply malfunctioning to include voluntary system shutdown as a preventive measure or any cyber incident that interrupts a company’s ability to operate
Explain the purpose of addressing silent cyber
To align insurance premiums to actual risks facing insurance policies in force to protect earnings and avoid capital volatility generated by unrecognized, unpriced or unintentional cyber exposure arising out of catastrophic events
Explain the purpose of promoting consistency in cyber wordings
Lack of standardization and common terminology makes it difficult for insurance brokers to learn about the product and for policyholders to have clarity around the coverage they are purchasing
Explain the purpose of collaborating on catastrophic risk modeling
The systemic, intangible, dynamic nature of cyber risk means that all parties involved have an interest in sharing anonymized loss data and claims information